Posted
by
Soulskill
on Sunday January 06, 2013 @01:46AM
from the nothing-like-fixing-bugs-over-the-holidays dept.

wiredmikey writes "NVIDIA on Saturday quietly released a driver update (version 310.90) that fixes a recently-uncovered security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability was disclosed on Christmas day by Peter Winter-Smith, a researcher from the U.K. According to Rapid7's HD Moore, the vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service, and allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system. In addition to the security fix, driver version 310.90 addresses other bugs and brings performance increases for several games and applications for a number of GPUs including the GeForce 400/500/600 Series."

I remember hooking up an old CRT to the wrong video card.. one with way too a high resolution for that screen..

A while later, hooked up to the correct video card, I noticed a bit of smoke coming out from where the dials were.. removed the case.. plugged it in again to see if it was OK.. it burst into 3 foot high flames.

thankfully a fire extinguisher was about 3 feet away... mom would have been awfully mad if i had burned down the house.... scared the bejeezes out of me... the burnt electrical smell was horrendous..

Absolutely. WebGL allows any random website to tap your hardware through the browser. WebGL is essentially OpenGL ES 2.0 give or take a few APIs and is supported by just about every modern browser except IE. Some enable WebGL by default on suitable hardware, some have it disabled by default. When it is enabled a page has carte blanche to abuse the chipset six ways to sunday. The only protection afforded by browsers is the driver has to implement a GL extension called GL_EXT_robustness which says the driver promises, fingers crossed to be really good about checking and recovering from errors.

ActiveX had something similar called the "safe for scripting" bit. IE wouldn't load a page unless the control said it was safe and look what happened there. While there are less graphics drivers than activeX controls, it's easy to imagine a driver version claiming it's robust when in fact it isn't. It's easy to imagine a malicious site using that fact to break a lot of machines. I assume browsers could implement a whitelist of "good" drivers and update the list in addition to checking for the extension but it's obviously imperfect and offers additional browser exploits where none existed before.